What Do Independent Auditors Need to Know About the Internal Control Infrastructure of the Organization?
Independent auditors need to have a good understanding of an organization’s internal control infrastructure to assess the effectiveness of the internal control system and identify areas of potential risk. This includes reviewing the internal control framework, policies, procedures, and documentation. The auditor should also assess the design and implementation of internal controls to ensure they are appropriate to manage identified risks.
During the audit process, the auditor should perform a risk assessment and determine the key controls that are necessary to address the identified risks. They should evaluate the operating effectiveness of these controls by testing them through observation, inquiry, and documentation review.
The auditor should also assess the tone at the top of the organization and the culture of compliance to ensure that the control environment is strong and that management is committed to maintaining an effective internal control system. Finally, the auditor should communicate any findings or recommendations to management and the audit committee and ensure that corrective actions are taken.